Debug mode enabled for Palo Alto Networks

Vendor

Palo Alto Networks

Description

Indeni will alert if one of the debug mechanisms on a device is enabled when the default is for it to be disabled.

Remediation Steps

Turn off the debug as soon as possible.Log into the device using SSH, type "debug " and then begin typing the items listed above. Usually the last term in the command can be replaced with a "show" or something similar to identify the current settings.

How does this work?

This script logs into the Palo Alto Networks firewall through SSH and retrieves the status of the debug (on or off).

Why is this important?

This script logs into the Palo Alto Networks firewall through SSH and retrieves the status of the debug (on or off).

Without Indeni how would you find this?

Generally, administrators try to remember to disable a debug after enabling it. Often times this doesn't happen and is left un-detected. A restart of the device will usually reset the debug status, but only happens every few months.


View Source Code